Security and Compliance: Protecting your Donors and Your Ministry

As an organization, you have the advantage of accepting donations and payments by credit card. This feature offers convenience, security, and often consistency for your donors as they support your ministry financially.

As an added layer of service, we are pleased to offer a Payment Card Industry (PCI) Compliance program through Aperia, a qualified security assessor. This program will ensure your compliance with PCI’s security standards. 

The Payment Card Industry Data Security Standard, or PCI DSS, is a set of requirements to ensure that you follow best practices to protect your cardholders’ information. The standard was formed in 2004 by the five major card brands (Visa, MasterCard, American Express, Discover, and JCB International), and compliance with PCI DSS is required for all who accept credit cards.

We chose Aperia for its user-friendly tools and outstanding customer support. They can help you complete the appropriate Self-Assessment Questionnaire and handle any scan requirements. As an Approved Scanning Vendor (ASV), Aperia is a leading provider of PCI security solutions and will be a valuable resource for you and your organization as you work toward and sustain PCI compliance.

How to Validate Your PCI Compliance Through Aperia:

PCI Self-Assessment Questionnaire (SAQ)

Aperia will email you annually to remind you that PCI Certification is due. You will complete your SAQ through Aperia’s PCI Apply solution. When you log in, you will be directed to the relevant SAQ based on how your organization handles credit card transactions. If needed, Aperia support is available to help you with your questionnaire. After completing it, the system will generate your Attestation of Compliance and Certificate of Validation. The system also offers access to security policy templates for your organization to use if you don't already have a security policy.

Network Scans

Aperia will help you determine if network scans are required for your organization. 

If network scans are necessary, Aperia will perform an external vulnerability scan, assessing your IP(s) from a hacker’s perspective to identify potential weaknesses in your network. The scan will not disrupt your operations, and there is nothing you need to do internally to prepare for it. Additionally, scans can be scheduled in advance or requested on demand; quarterly validation reports will be generated and submitted to Payment Brands on your behalf.

Reporting & Attestation of PCI Compliance

Every year, you will confirm your PCI compliance through your Aperia account. Email notifications will inform you about your annual SAQ re-assessment and, if needed, your quarterly scan requirements.

You can achieve this by logging into your account and confirming your compliance with PCI (acknowledgment is finalized with your electronic signature). Your PCI Compliance certificate can be printed and kept with a copy of your security policy. We are automatically notified of your compliance status, so no further action is needed on your part. 

Aperia support is available to assist you at 877-200-6940 or through live chat within your Aperia PCI Apply account.

FAQs

What does PCI Compliance mean? 

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to protect credit card transactions. These standards set operational requirements and best practices for accepting credit card payments. As a merchant (an organization capable of processing credit card transactions), you are required to handle credit card information securely. By completing your Self-Assessment Questionnaire (SAQ) through Aperia, you can confirm your compliance with PCI requirements.

PCI Compliance also applies to us as a Service Provider; we are proud to be validated as Level 1 PCI Compliant. This means we meet the highest security standards set forth by the PCI Council.

We are PCI Compliant through a different vendor. Does that mean we need to complete compliance with Aperia as well?

If you have already validated your PCI compliance with another Qualified Security Assessor, you can provide us with your current certificate of compliance.  

We don’t ever see or possess card numbers; everything is done by the donors online. Is this still necessary?

The PCI Council requires that all merchants maintain PCI compliance. As you complete your questionnaire, you will describe how you currently process credit card transactions. Based on your responses, Aperia will provide you with the appropriate Self-Assessment Questionnaire for you to complete. For example, if you only process transactions through your website via your online giving solution and do not handle transactions over the phone or by mail, your questionnaire will not include questions about those types of transactions. The questionnaire will be tailored to your specific processing methods. Even the simplest processing methods must comply with PCI standards.

What if I need assistance with my Aperia account or have additional questions about compliance?

Aperia support is available to help you at 877-200-6940 or through live chat within your Aperia PCI Apply account. Let them know your questions, and they will address them and assist you in completing your validation.
